What I do with your data (GDPR policy)
Confidentiality and privacy are essential for counselling. This notice explains what personal information I keep, why I keep it and what I will do with it. My aim is to transparent without complicating matters unnecessarily.
What information do I keep and why do I keep it?
Name, date of birth, address and phone number – These are kept so that I can contact you and to ensure that your records are not confused with any other person.
Email address – with your permission, I will email you a link to a feedback questionnaire after your counselling has ended.
GP details – used together with the above information, to enable me to contact your GP should I believe it to be necessary. This would usually be with your agreement.
Any information that you provide during sessions, including sensitive information may be recorded within my session notes.
Your data is for my eyes only, there are a few exceptional circumstances in which I will need to share some infomation about you: these are,
• Your first name will be shared with my clinical supervisor (my professional obligation).
• If I receive a subpoena from a court of law.
• If you disclose information that raises safeguarding concerns including serious risk of harm to yourself or others; or abuse or neglect of a child or vulnerable adult, I have a duty of care to disclose that information to the appropriate authorities.
• If you disclose information that indicates that you are at substantial risk of suicide, I will release that information to your GP. If there is an immediate risk I will contact the emergency services.
• If you disclose anything to do with terrorism, drug trafficking or money laundering I am legally required to inform the police and it is a criminal offence for me to inform you that I have done so.
• In the event of my death or incapacitation, there is a Plan B for all clients to be contacted. If Plan B needs to be used, a designated colleague will access my records in order to contact you.
If in the unusual event I do share information about you, I will always aim to discuss it with you first unless the situation requires an immediate response. If I am required to release information before discussing it with you, I will inform you at the earliest opportunity except in the case of information relating to terrorism, drug trafficking or money laundering.
I will never share your data for any reason other than the reasons stated above.
How is your data stored?
I keep your contact details on paper under lock and key the whereabouts of which is shared with a trusted person in case I am incapacitated and cannot contact you.
Your first name and phone number will be stored in my phone which is passcode protected.
I use an online platform for my client appointment and records called Writeupp where your data is protected by 24/7 manned security, CCTV, real-time encrypted backup and geographically separate replication. (For more information about security at Writupp go to security.
How long is your data stored and how is it disposed of?
All information will be kept for 5 years from the date of our last session. This is the timeframe requested by my insurance company.
Your phone number will be deleted from my phone 7 days after your final session as will any email correspondence.
I will not routinely delete messages or emails from you regarding arrangements as this helps me keep a record of our communications – but am happy to do so on request.
What are your rights?
Under the General Data Protection Regulation, you have the right to say what happens to the data that I keep.
The right to be informed – which is the purpose of this privacy information notice.
The right of access – you have the right to see the information that I keep.
The right to rectification – you have the right to request that I amend any personal data which is factually incorrect, misleading or incomplete.
The right of erasure – under certain circumstances, you have the right to request that I destroy the data that I keep.
The right to restrict processing* – under certain circumstances, you have the right to request that I no longer process the data that I keep.
The right to data portability – under certain circumstances, you have the right to request that I transfer the data that I hold to another organisation or individual.
The right to object – because the lawful basis that I use to process your data is Contract, you do not have the right to object to me processing your information.
If you would like to exercise any of your rights at any time, you can request it verbally or in writing. I will respond to your request within 30 days.
If you believe that I have processed your information incorrectly or without your permission, you have the right to complain to the ICO. Details of how to do this can be found at www.ico.org.uk
*processing data means to obtain, record, store, update and share information.
Updated January 2021